Vulnerabilities > CVE-2009-0949 - Use of Uninitialized Resource vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Exploit-Db
| description | CUPS 1.3.9 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability. CVE-2009-0949. Dos exploit for linux platform |
| id | EDB-ID:33020 |
| last seen | 2016-02-03 |
| modified | 2009-06-02 |
| published | 2009-06-02 |
| reporter | Anibal Sacco |
| source | https://www.exploit-db.com/download/33020/ |
| title | CUPS <= 1.3.9 - 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability |
Nessus
NASL family Misc. NASL id CUPS_1_3_10.NASL description According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in last seen 2020-06-01 modified 2020-06-02 plugin id 36183 published 2009-04-17 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/36183 title CUPS < 1.3.10 Multiple Vulnerabilities code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(36183); script_version("1.24"); script_cvs_date("Date: 2018/11/15 20:50:23"); script_cve_id( "CVE-2008-5286", "CVE-2009-0163", "CVE-2009-0164", "CVE-2009-0195", "CVE-2009-0949" ); script_bugtraq_id(32518, 34571, 34665, 34791, 35169); script_xref(name:"Secunia", value:"34481"); script_name(english:"CUPS < 1.3.10 Multiple Vulnerabilities"); script_summary(english:"Checks CUPS server version"); script_set_attribute(attribute:"synopsis", value:"The remote printer service is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "According to its banner, the version of CUPS installed on the remote host is earlier than 1.3.10. Such versions are affected by several issues : - A potential integer overflow in the PNG image validation code in '_cupsImageReadPNG()' could allow an attacker to crash the affected service or possibly execute arbitrary code. (STR #2974) - A heap-based integer overflow exists in '_cupsImageReadTIFF()' due to a failure to properly validate the image height of a specially crafted TIFF file, which can be leveraged to execute arbitrary code. (STR #3031) - The web interface may be vulnerable to DNS rebinding attacks due to a failure to validate the HTTP Host header in incoming requests. (STR #3118) - A heap-based buffer overflow in pdftops allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments. (CVE-2009-0195) - Flawed 'ip' structure initialization in the function 'ippReadIO()' could allow an anonymous remote attacker to crash the application via a malicious IPP request packet with two consecutives IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949)"); script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L2974"); script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3031"); script_set_attribute(attribute:"see_also", value:"http://www.cups.org/str.php?L3118"); script_set_attribute(attribute:"see_also", value:"https://secuniaresearch.flexerasoftware.com/secunia_research/2009-18/"); script_set_attribute(attribute:"see_also", value:"http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/504032/30/0/threaded"); script_set_attribute(attribute:"see_also", value:"http://www.cups.org/articles.php?L582"); script_set_attribute(attribute:"solution", value:"Upgrade to CUPS version 1.3.10 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(20, 119, 189, 399); script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/17"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:apple:cups"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("http_version.nasl", "cups_1_3_5.nasl"); script_require_keys("www/cups", "Settings/ParanoidReport"); script_require_ports("Services/www", 631); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); port = get_http_port(default:631, embedded:TRUE); get_kb_item_or_exit("www/"+port+"/cups/running"); version = get_kb_item_or_exit("cups/"+port+"/version"); source = get_kb_item_or_exit("cups/"+port+"/source"); if (report_paranoia < 2) audit(AUDIT_PARANOID); if ( version =~ "^1\.([0-2]|3\.[0-9])($|[^0-9])" || version =~ "^1\.3(rc|b)" ) { if (report_verbosity > 0) { report = '\n Version source : ' + source + '\n Installed version : ' + version + '\n Fixed version : 1.3.10\n'; security_hole(port:port, extra:report); } else security_hole(port); exit(0); } else if (version =~ "^(1|1\.3)($|[^0-9.])") audit(AUDIT_VER_NOT_GRANULAR, "CUPS", port, version); else audit(AUDIT_LISTEN_NOT_VULN, "CUPS", port, version);NASL family MacOS X Local Security Checks NASL id MACOSX_SECUPD2009-005.NASL description The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied. This security update contains fixes for the following products : - Alias Manager - CarbonCore - ClamAV - ColorSync - CoreGraphics - CUPS - Flash Player plug-in - ImageIO - Launch Services - MySQL - PHP - SMB - Wiki Server last seen 2020-06-01 modified 2020-06-02 plugin id 40945 published 2009-09-11 reporter This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40945 title Mac OS X Multiple Vulnerabilities (Security Update 2009-005) code # # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3004) exit(0); include("compat.inc"); if (description) { script_id(40945); script_version("1.21"); script_cvs_date("Date: 2018/07/14 1:59:35"); script_cve_id("CVE-2008-2079", "CVE-2008-5498", "CVE-2008-6680", "CVE-2009-0590", "CVE-2009-0591", "CVE-2009-0789", "CVE-2009-0949", "CVE-2009-1241", "CVE-2009-1270", "CVE-2009-1271", "CVE-2009-1272", "CVE-2009-1371", "CVE-2009-1372", "CVE-2009-1862", "CVE-2009-1863", "CVE-2009-1864", "CVE-2009-1865", "CVE-2009-1866", "CVE-2009-1867", "CVE-2009-1868", "CVE-2009-1869", "CVE-2009-1870", "CVE-2009-2468", "CVE-2009-2800", "CVE-2009-2803", "CVE-2009-2804", "CVE-2009-2805", "CVE-2009-2807", "CVE-2009-2809", "CVE-2009-2811", "CVE-2009-2812", "CVE-2009-2813", "CVE-2009-2814"); script_bugtraq_id( 29106, 33002, 34256, 34357, 35759, 36350, 36354, 36355, 36357, 36358, 36359, 36360, 36361, 36363, 36364 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-005)"); script_summary(english:"Check for the presence of Security Update 2009-005"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 or 10.4 that does not have Security Update 2009-005 applied. This security update contains fixes for the following products : - Alias Manager - CarbonCore - ClamAV - ColorSync - CoreGraphics - CUPS - Flash Player plug-in - ImageIO - Launch Services - MySQL - PHP - SMB - Wiki Server" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3865" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/17867" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-005 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"exploit_framework_canvas", value:"true"); script_set_attribute(attribute:"canvas_package", value:'CANVAS'); script_cwe_id(20, 59, 79, 94, 119, 189, 200, 264, 287, 399); script_set_attribute(attribute:"patch_publication_date", value:"2009/09/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/11"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } # uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); if (egrep(pattern:"Darwin.* (8\.[0-9]\.|8\.1[01]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages"); if (!packages) exit(1, "The 'Host/MacOSX/packages' KB item is missing."); if (egrep(pattern:"^SecUpd(Srvr)?(2009-00[5-9]|20[1-9][0-9]-)", string:packages)) exit(0, "The host has Security Update 2009-005 or later installed and therefore is not affected."); else security_hole(0); } else if (egrep(pattern:"Darwin.* (9\.[0-8]\.)", string:uname)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[5-9]|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-005 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is not affected.");NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1083.NASL description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS last seen 2020-06-01 modified 2020-06-02 plugin id 39303 published 2009-06-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39303 title CentOS 3 / 4 : cups (CESA-2009:1083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1083 and # CentOS Errata and Security Advisory 2009:1083 respectively. # include("compat.inc"); if (description) { script_id(39303); script_version("1.20"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196"); script_bugtraq_id(35169); script_xref(name:"RHSA", value:"2009:1083"); script_name(english:"CentOS 3 / 4 : cups (CESA-2009:1083)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS imaging library. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user if the file was printed. (CVE-2009-0791) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting the CVE-2009-0949 flaw, and Swen van Brussel for reporting the CVE-2009-1196 flaw. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015957.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?d3899c64" ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015958.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?423f1b34" ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015959.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?8b1ea8b4" ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015960.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7ea3527d" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"cups-1.1.17-13.3.62")) flag++; if (rpm_check(release:"CentOS-3", reference:"cups-devel-1.1.17-13.3.62")) flag++; if (rpm_check(release:"CentOS-3", reference:"cups-libs-1.1.17-13.3.62")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-1.1.22-0.rc1.9.32.c4.3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-devel-1.1.22-0.rc1.9.32.c4.3")) flag++; if (rpm_check(release:"CentOS-4", cpu:"ia64", reference:"cups-libs-1.1.22-0.rc1.9.32.c4.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs"); }NASL family SuSE Local Security Checks NASL id SUSE_CUPS-6279.NASL description The last seen 2020-06-01 modified 2020-06-02 plugin id 41495 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41495 title SuSE 10 Security Update : CUPS (ZYPP Patch Number 6279) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(41495); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:36"); script_cve_id("CVE-2009-0791", "CVE-2009-0949"); script_name(english:"SuSE 10 Security Update : CUPS (ZYPP Patch Number 6279)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "The 'pdftops' was prone to several integer overflows (CVE-2009-0791). The cups daemon could crash when receiving IPP requests with multiple unsupported tags. (CVE-2009-0949)" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0791.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2009-0949.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 6279."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:2, reference:"cups-1.1.23-40.55")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"cups-client-1.1.23-40.55")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"cups-devel-1.1.23-40.55")) flag++; if (rpm_check(release:"SLED10", sp:2, reference:"cups-libs-1.1.23-40.55")) flag++; if (rpm_check(release:"SLED10", sp:2, cpu:"x86_64", reference:"cups-libs-32bit-1.1.23-40.55")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"cups-1.1.23-40.55")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"cups-client-1.1.23-40.55")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"cups-devel-1.1.23-40.55")) flag++; if (rpm_check(release:"SLES10", sp:2, reference:"cups-libs-1.1.23-40.55")) flag++; if (rpm_check(release:"SLES10", sp:2, cpu:"x86_64", reference:"cups-libs-32bit-1.1.23-40.55")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else exit(0, "The host is not affected.");NASL family Scientific Linux Local Security Checks NASL id SL_20090603_CUPS_ON_SL3_X.NASL description A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS last seen 2020-06-01 modified 2020-06-02 plugin id 60592 published 2012-08-01 reporter This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/60592 title Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64 code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text is (C) Scientific Linux. # include("compat.inc"); if (description) { script_id(60592); script_version("1.6"); script_cvs_date("Date: 2019/10/25 13:36:18"); script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196"); script_name(english:"Scientific Linux Security Update : cups on SL3.x, SL4.x, SL5.x i386/x86_64"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Scientific Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user if the file was printed. (CVE-2009-0791) After installing this update, the cupsd daemon will be restarted automatically." ); # https://listserv.fnal.gov/scripts/wa.exe?A2=ind0906&L=scientific-linux-errata&T=0&P=75 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ebbe7ff1" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Scientific Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux"); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu); flag = 0; if (rpm_check(release:"SL3", reference:"cups-1.1.17-13.3.62")) flag++; if (rpm_check(release:"SL3", reference:"cups-devel-1.1.17-13.3.62")) flag++; if (rpm_check(release:"SL3", reference:"cups-libs-1.1.17-13.3.62")) flag++; if (rpm_check(release:"SL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"SL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"SL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"SL5", reference:"cups-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"SL5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"SL5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"SL5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-780-1.NASL description Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 39311 published 2009-06-04 reporter Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39311 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cups, cupsys vulnerability (USN-780-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-780-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(39311); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:33:02"); script_cve_id("CVE-2009-0949"); script_bugtraq_id(35169); script_xref(name:"USN", value:"780-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : cups, cupsys vulnerability (USN-780-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Anibal Sacco discovered that CUPS did not properly handle certain network operations. A remote attacker could exploit this flaw and cause the CUPS server to crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/780-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-bsd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cups-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-bsd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:cupsys-dbg"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcups2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsimage2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-dev"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcupsys2-gnutls10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(6\.06|8\.04|8\.10|9\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"cupsys", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"cupsys-bsd", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"cupsys-client", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcupsimage2-dev", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-dev", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"libcupsys2-gnutls10", pkgver:"1.2.2-0ubuntu0.6.06.14")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"cupsys", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"cupsys-bsd", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"cupsys-client", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"cupsys-common", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libcupsimage2", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libcupsimage2-dev", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libcupsys2", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"libcupsys2-dev", pkgver:"1.3.7-1ubuntu3.5")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cups", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cups-bsd", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cups-client", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cups-common", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cups-dbg", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cupsys", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cupsys-bsd", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cupsys-client", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cupsys-common", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"cupsys-dbg", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcups2", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcups2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcupsimage2", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcupsimage2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcupsys2", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"libcupsys2-dev", pkgver:"1.3.9-2ubuntu9.2")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cups", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cups-bsd", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cups-client", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cups-common", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cups-dbg", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cupsys", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cupsys-bsd", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cupsys-client", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cupsys-common", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"cupsys-dbg", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcups2", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcups2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcupsimage2", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcupsimage2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcupsys2", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"libcupsys2-dev", pkgver:"1.3.9-17ubuntu3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-bsd / cups-client / cups-common / cups-dbg / cupsys / etc"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1083.NASL description Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS last seen 2020-06-01 modified 2020-06-02 plugin id 39307 published 2009-06-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39307 title RHEL 3 / 4 : cups (RHSA-2009:1083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1083. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(39307); script_version ("1.28"); script_cvs_date("Date: 2019/10/25 13:36:14"); script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196"); script_bugtraq_id(35169); script_xref(name:"RHSA", value:"2009:1083"); script_name(english:"RHEL 3 / 4 : cups (RHSA-2009:1083)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS imaging library. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user if the file was printed. (CVE-2009-0791) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting the CVE-2009-0949 flaw, and Swen van Brussel for reporting the CVE-2009-1196 flaw. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0791" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-0949" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2009-1196" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2009:1083" ); script_set_attribute( attribute:"solution", value:"Update the affected cups, cups-devel and / or cups-libs packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4.8"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/06/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2009:1083"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"cups-1.1.17-13.3.62")) flag++; if (rpm_check(release:"RHEL3", reference:"cups-devel-1.1.17-13.3.62")) flag++; if (rpm_check(release:"RHEL3", reference:"cups-libs-1.1.17-13.3.62")) flag++; if (rpm_check(release:"RHEL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"RHEL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"RHEL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs"); } }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1083.NASL description From Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS last seen 2020-06-01 modified 2020-06-02 plugin id 67868 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67868 title Oracle Linux 3 / 4 : cups (ELSA-2009-1083) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1083 and # Oracle Linux Security Advisory ELSA-2009-1083 respectively. # include("compat.inc"); if (description) { script_id(67868); script_version("1.11"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2009-0791", "CVE-2009-0949", "CVE-2009-1196"); script_bugtraq_id(35169); script_xref(name:"RHSA", value:"2009:1083"); script_name(english:"Oracle Linux 3 / 4 : cups (ELSA-2009-1083)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:1083 : Updated cups packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. The CUPS 'pdftops' filter converts Portable Document Format (PDF) files to PostScript. 'pdftops' is based on Xpdf and the CUPS imaging library. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) A use-after-free flaw was found in the CUPS scheduler directory services routine, used to process data about available printers and printer classes. An attacker could use this flaw to cause a denial of service (cupsd daemon stop or crash). (CVE-2009-1196) Multiple integer overflows flaws, leading to heap-based buffer overflows, were found in the CUPS 'pdftops' filter. An attacker could create a malicious PDF file that would cause 'pdftops' to crash or, potentially, execute arbitrary code as the 'lp' user if the file was printed. (CVE-2009-0791) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting the CVE-2009-0949 flaw, and Swen van Brussel for reporting the CVE-2009-1196 flaw. Users of cups are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, the cupsd daemon will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001024.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001025.html" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(189, 399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 3 / 4", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-devel-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-devel-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL3", cpu:"i386", reference:"cups-libs-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL3", cpu:"x86_64", reference:"cups-libs-1.1.17-13.3.62")) flag++; if (rpm_check(release:"EL4", reference:"cups-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"EL4", reference:"cups-devel-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (rpm_check(release:"EL4", reference:"cups-libs-1.1.22-0.rc1.9.32.el4_8.3")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2009-1082.NASL description From Red Hat Security Advisory 2009:1082 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 67867 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67867 title Oracle Linux 5 : cups (ELSA-2009-1082) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1082 and # Oracle Linux Security Advisory ELSA-2009-1082 respectively. # include("compat.inc"); if (description) { script_id(67867); script_version("1.10"); script_cvs_date("Date: 2019/10/25 13:36:08"); script_cve_id("CVE-2009-0949"); script_bugtraq_id(35169); script_xref(name:"RHSA", value:"2009:1082"); script_name(english:"Oracle Linux 5 : cups (ELSA-2009-1082)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2009:1082 : Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2009-June/001023.html" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cups-lpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"cups-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"EL5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd"); }NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2009-1082.NASL description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 43754 published 2010-01-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/43754 title CentOS 5 : cups (CESA-2009:1082) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2009:1082 and # CentOS Errata and Security Advisory 2009:1082 respectively. # include("compat.inc"); if (description) { script_id(43754); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:04"); script_cve_id("CVE-2009-0949"); script_bugtraq_id(35169); script_xref(name:"RHSA", value:"2009:1082"); script_name(english:"CentOS 5 : cups (CESA-2009:1082)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically." ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015963.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?57d0119a" ); # https://lists.centos.org/pipermail/centos-announce/2009-June/015964.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b466fe36" ); script_set_attribute(attribute:"solution", value:"Update the affected cups packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_cwe_id(399); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:cups-lpd"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"vuln_publication_date", value:"2009/06/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/06/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/01/06"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"cups-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"CentOS-5", reference:"cups-devel-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"CentOS-5", reference:"cups-libs-1.3.7-8.el5_3.6")) flag++; if (rpm_check(release:"CentOS-5", reference:"cups-lpd-1.3.7-8.el5_3.6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cups / cups-devel / cups-libs / cups-lpd"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2009-282.NASL description Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. (CVE-2009-0146, CVE-2009-0147) Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow. (CVE-2009-0163) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to g*allocn. (CVE-2009-0165) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. (CVE-2009-0166) Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments (CVE-2009-0195). Multiple integer overflows in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179. (CVE-2009-0791) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. (CVE-2009-0799) Multiple input validation flaws in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-0800) The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. (CVE-2009-0949) Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1179) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. (CVE-2009-1180) The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. (CVE-2009-1181) Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. (CVE-2009-1182) The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. (CVE-2009-1183) Two integer overflow flaws were found in the CUPS pdftops filter. An attacker could create a malicious PDF file that would cause pdftops to crash or, potentially, execute arbitrary code as the lp user if the file was printed. (CVE-2009-3608, CVE-2009-3609) This update corrects the problems. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers last seen 2020-06-01 modified 2020-06-02 plugin id 42181 published 2009-10-20 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42181 title Mandriva Linux Security Advisory : cups (MDVSA-2009:282-1) NASL family SuSE Local Security Checks NASL id SUSE9_12434.NASL description The following bugs have been fixed : - The last seen 2020-06-01 modified 2020-06-02 plugin id 41304 published 2009-09-24 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/41304 title SuSE9 Security Update : CUPS (YOU Patch Number 12434) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1811.NASL description Anibal Sacco discovered that cups, a general printing system for UNIX systems, suffers from NULL pointer dereference because of its handling of two consecutive IPP packets with certain tag attributes that are treated as IPP_TAG_UNSUPPORTED tags. This allows unauthenticated attackers to perform denial of service attacks by crashing the cups daemon. last seen 2020-06-01 modified 2020-06-02 plugin id 38992 published 2009-06-03 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/38992 title Debian DSA-1811-1 : cups, cupsys - null ptr dereference NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2009-1082.NASL description Updated cups packages that fix one security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The Common UNIX(r) Printing System (CUPS) provides a portable printing layer for UNIX operating systems. The Internet Printing Protocol (IPP) allows users to print and manage printing-related tasks over a network. A NULL pointer dereference flaw was found in the CUPS IPP routine, used for processing incoming IPP requests for the CUPS scheduler. An attacker could use this flaw to send specially crafted IPP requests that would crash the cupsd daemon. (CVE-2009-0949) Red Hat would like to thank Anibal Sacco from Core Security Technologies for reporting this issue. Users of cups are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, the cupsd daemon will be restarted automatically. last seen 2020-06-01 modified 2020-06-02 plugin id 39306 published 2009-06-04 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/39306 title RHEL 5 : cups (RHSA-2009:1082) NASL family SuSE Local Security Checks NASL id SUSE_CUPS-6285.NASL description The last seen 2020-06-01 modified 2020-06-02 plugin id 39389 published 2009-06-15 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/39389 title openSUSE 10 Security Update : cups (cups-6285)
Oval
| accepted | 2013-04-29T04:20:51.784-04:00 | ||||||||||||||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||||||||||||||
| contributors |
| ||||||||||||||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||||||||||||||
| description | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | ||||||||||||||||||||||||||||||||
| family | unix | ||||||||||||||||||||||||||||||||
| id | oval:org.mitre.oval:def:9631 | ||||||||||||||||||||||||||||||||
| status | accepted | ||||||||||||||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||||||||||||||
| title | The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags. | ||||||||||||||||||||||||||||||||
| version | 27 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/78040/CORE-2009-0420.txt |
| id | PACKETSTORM:78040 |
| last seen | 2016-12-05 |
| published | 2009-06-03 |
| reporter | Core Security Technologies |
| source | https://packetstormsecurity.com/files/78040/Core-Security-Technologies-Advisory-2009.0420.html |
| title | Core Security Technologies Advisory 2009.0420 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 35169 CVE(CAN) ID: CVE-2009-0949 Common Unix Printing System(CUPS)是一款通用Unix打印系统,是Unix环境下的跨平台打印解决方案,基于Internet打印协议,提供大多数PostScript和raster打印机服务。 在处理包含有两个IPP_TAG_UNSUPPORTED标签的特质IPP时,CUPS的cups/ipp.c文件中的ippReadIO()函数没有正确地初始化ipp结构,这可能导致受影响的应用崩溃。 cups/ipp.c文件中的ippReadIO()函数负责初始化表示当前IPP请求中不同标签的ipp结构: /----------- 1016 ipp_state_t /* O - Current state */ 1017 ippReadIO(void *src, /* I - Data source */ 1018 ipp_iocb_t cb, /* I - Read callback function */ 1019 int blocking, /* I - Use blocking IO? */ 1020 ipp_t *parent, /* I - Parent request, if any */ 1021 ipp_t *ipp) /* I - IPP data */ 1022 { 1023 int n; /* Length of data */ 1024 unsigned char buffer[IPP_MAX_LENGTH + 1], 1025 /* Data buffer */ 1026 string[IPP_MAX_NAME], 1027 /* Small string buffer */ 1028 *bufptr; /* Pointer into buffer */ 1029 ipp_attribute_t *attr; /* Current attribute */ 1030 ipp_tag_t tag; /* Current tag */ 1031 ipp_tag_t value_tag; /* Current value tag */ 1032 ipp_value_t *value; /* Current value */ 1035 DEBUG_printf(("ippReadIO(%p, %p, %d, %p, %p)\n", src, cb, blocking, 1036 parent, ipp)); 1037 DEBUG_printf(("ippReadIO: ipp->state=%d\n", ipp->state)); 1039 if (src == NULL || ipp == NULL) 1040 return (IPP_ERROR); 1041 1042 switch (ipp->state) 1043 { 1044 case IPP_IDLE : 1045 ipp->state ++; /* Avoid common problem... */ 1046 1047 case IPP_HEADER : 1048 if (parent == NULL) - -----------/ 在上面的代码中,通过几个不同的标签属性对报文进行计数。如果所发送的IPP报文标签属性低于0x10,CUPS就会认为是IPP_TAG_UNSUPPORTED标签: /----------- else if (tag < IPP_TAG_UNSUPPORTED_VALUE) { /* * Group tag... Set the current group and continue... */ if (ipp->curtag == tag) ipp->prev = ippAddSeparator(ipp); else if (ipp->current) ipp->prev = ipp->current; ipp->curtag = tag; ipp->current = NULL; DEBUG_printf(("ippReadIO: group tag = %x, ipp->prev=%p\n", tag, ipp->prev)); continue; } - -----------/ 由于CUPS处理这类标签的方式,如果报文中包含有两个连续的IPP_TAG_UNSUPPORTED,就会将IPP结构的最后一个节点初始化为NULL,这会在cupsdProcessIPPRequest函数试图读取attr结构的name字段时导致崩溃。 /----------- /* * 'cupsdProcessIPPRequest()' - Process an incoming IPP request. */ int /* O - 1 on success, 0 on failure */ cupsdProcessIPPRequest( cupsd_client_t *con) /* I - Client connection */ ... if (!attr) { /* * Then make sure that the first three attributes are: * * attributes-charset * attributes-natural-language * printer-uri/job-uri */ attr = con->request->attrs; if (attr && !strcmp(attr->name, "attributes-charset") && (attr->value_tag & IPP_TAG_MASK) == IPP_TAG_CHARSET) charset = attr; else charset = NULL; ... - -----------/ Easy Software Products CUPS < 1.3.10 厂商补丁: Easy Software Products ---------------------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href="http://www.cups.org" target="_blank" rel=external nofollow>http://www.cups.org</a> |
| id | SSV:11523 |
| last seen | 2017-11-19 |
| modified | 2009-06-04 |
| published | 2009-06-04 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-11523 |
| title | CUPS cups/ipp.c空指针引用拒绝服务漏洞 |
References
- http://www.securityfocus.com/bid/35169
- http://www.coresecurity.com/content/AppleCUPS-null-pointer-vulnerability
- http://www.redhat.com/support/errata/RHSA-2009-1082.html
- https://bugzilla.redhat.com/show_bug.cgi?id=500972
- http://www.ubuntu.com/usn/USN-780-1
- http://www.redhat.com/support/errata/RHSA-2009-1083.html
- http://secunia.com/advisories/35322
- http://secunia.com/advisories/35340
- http://www.debian.org/security/2009/dsa-1811
- http://securitytracker.com/id?1022321
- http://secunia.com/advisories/35328
- http://secunia.com/advisories/35342
- http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
- http://secunia.com/advisories/35685
- http://secunia.com/advisories/36701
- http://support.apple.com/kb/HT3865
- http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50926
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9631
- http://www.securityfocus.com/archive/1/504032/100/0/threaded